[lfs-patches] r2370 - trunk/sudo

andy at linuxfromscratch.org andy at linuxfromscratch.org
Wed Feb 1 05:20:14 PST 2012


Author: andy
Date: 2012-02-01 06:20:05 -0700 (Wed, 01 Feb 2012)
New Revision: 2370

Added:
   trunk/sudo/sudo-1.8-fprintf_debug-1.patch
Log:
fix a security vulnerability

Added: trunk/sudo/sudo-1.8-fprintf_debug-1.patch
===================================================================
--- trunk/sudo/sudo-1.8-fprintf_debug-1.patch	                        (rev 0)
+++ trunk/sudo/sudo-1.8-fprintf_debug-1.patch	2012-02-01 13:20:05 UTC (rev 2370)
@@ -0,0 +1,32 @@
+Submitted By: Andrew Benton
+Date: 2012-02-01
+Initial Package Version:sudo-1.8.0
+Upstream Status: From Upstream
+Origin: http://www.sudo.ws/sudo/alerts/sudo_debug.html
+Description: Fixes a vulnerability in the debugging code in sudo versions 1.8.0
+through 1.8.3p1 that can be used to crash sudo or potentially allow an
+unauthorized user to achieve root privileges.
+
+--- sudo-1.8.2/src/sudo.c~	2011-07-29 15:50:45.000000000 +0100
++++ sudo-1.8.2/src/sudo.c	2012-02-01 12:14:10.000000000 +0000
+@@ -1206,15 +1206,15 @@
+ sudo_debug(int level, const char *fmt, ...)
+ {
+     va_list ap;
+-    char *fmt2;
++    char *buf;
+ 
+     if (level > debug_level)
+ 	return;
+ 
+-    /* Backet fmt with program name and a newline to make it a single write */
+-    easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
++    /* Bracket fmt with program name and a newline to make it a single write */
+     va_start(ap, fmt);
+-    vfprintf(stderr, fmt2, ap);
++    evasprintf(&buf, fmt, ap);
+     va_end(ap);
+-    efree(fmt2);
++    fprintf(stderr, "%s: %s\n", getprogname(), buf);
++    efree(buf);
+ }




More information about the patches mailing list